CVE-2025-24970
HIGHDescription
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
Is your site exposed to CVE-2025-24970?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| netty | netty |
| netapp | active_iq_unified_manager |
| netapp | active_iq_unified_manager |
| netapp | active_iq_unified_manager |
| netapp | oncommand_insight |
References
Advisories & Patches
Exploits
Other References
Frequently Asked Questions
What is CVE-2025-24970? +
How severe is CVE-2025-24970? +
What products are affected by CVE-2025-24970? +
How do I check if I'm vulnerable to CVE-2025-24970? +
Related Vulnerabilities
Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is …
Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in …
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted …
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to …
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail …
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured …